Unintended Environment Variable Disclosure in HashiCorp Nomad Template Rendering (GHSA-6hv3-7c34-4hx8)

Unintended Environment Variable Disclosure in HashiCorp Nomad Template Rendering (GHSA-6hv3-7c34-4hx8)

CVE-2019-14802 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

HashiCorp Nomad 0.5.0 through 0.9.4 (fixed in 0.9.5) reveals unintended environment variables to the rendering task during template rendering, aka GHSA-6hv3-7c34-4hx8. This applies to nomad/client/allocrunner/taskrunner/template.

Learn more about our Web Application Penetration Testing UK.